Reaper IoT botnet 'only partially mobilised'

Report finds up to two million infected devices have yet to be activated

Despite the Reaper botnet receiving widespread coverage over the past few weeks, it seems it's not as powerful as security researchers first thought, as many of its bots are not actually operating to disable networks.

Although there are between 10,000 and 20,000 bots launching attacks, another two million hosts that have the potential to become part of it have for some reason not been launched, according to a report by Arbor Networks.

"Possible explanations include: misidentification due to flaws in the scanning code, scalability/performance issues in the Reaper code injection infrastructure, or a deliberate decision by the Reaper botmasters to throttle back the propagation mechanism," the company said in its analysis of the threat.

It's likely that Reaper may have been created to form part of a booter/stresser service for the Chinese DDoS-for-hire market, according to the report, as deeper research into the botnet's behaviour revealed that some of its code appears to be based upon the more powerful Mirai IoT malware.

"While Reaper is capable of launching SYN-floods, ACK-floods, HTTP floods, and DNS reflection/amplification attacks, it is likely to have other, yet-to-be-determined DDoS attack capabilities, as well," Arbor's Security Engineering & Response Team (ASERT) said in a blog post.

The Reaper botnet was first discovered by Qihoo 360 Netlab last month and since its discovery, it's been adapted to pose a threat to a range of connected devices including IP-based cameras, routers, storage boxes and Wi-Fi points from vendors including D-Link, TP-Link, Avtech, Netgear, MikroTik, Linksys, and Synology.

Netgear released a statement saying it's continuously adapting its firmware and security patches to make sure products are as protected as well as they can be.

"Netgear appreciates having security concerns brought to our attention and are constantly monitoring our products to get in front of the latest threats," it said. "Being proactive rather than reactive to emerging security issues is a fundamental belief at Netgear."

Featured Resources

The definitive guide to warehouse efficiency

Get your free guide to creating efficiencies in the warehouse

Free download

The total economic impact™ of Datto

Cost savings and business benefits of using Datto Integrated Solutions

Download now

Three-step guide to modern customer experience

Support the critical role CX plays in your business

Free download

Ransomware report

The global state of the channel

Download now

Most Popular

How to find RAM speed, size and type

How to find RAM speed, size and type

17 Sep 2021
London ranks second to Silicon Valley as world's best startup hub

London ranks second to Silicon Valley as world's best startup hub

22 Sep 2021
What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

8 Sep 2021